Worldwide spending on internet-connected devices and platforms (often referred to as the Internet of Things, or IoT) could reach as much as $1.4 trillion in 2021, making this an attractive area for investment. However, investors should assess the attendant privacy and data protection risks of any potential opportunities.

A recent NYSE Governance Services/Veracode Survey Report found that 85% of public company directors and officers reported that an M&A transaction in which they were involved would likely or very likely be affected by “major security vulnerabilities.”

Cybersecurity is one of the top five business risks identified by major corporates, particularly those in retail, health, and technology. Despite this, buyers still fail to undertake detailed cyber due diligence as a matter of course.

For most business combinations—M&A, joint venture, or leveraged buyout—cybersecurity should be a risk category in its own right. Every target business should be able to readily identify which information technology (IT) systems and data sets are most valuable to the business and explain at a high level how they are protected.